Balancing Corporate Security and Employee Needs in a BYOD Environment

The rise of the bring your own device (BYOD) movement is inevitable, and Gartner predicts that 2017 should see half of the world’s employers implementing a BYOD policy. As BYOD and mobility grow in the workplace, so do security challenges, privacy risks, and employee demands. Managing a corporate BYOD program is a complex balancing task that involves protecting company interests and satisfying employee needs without compromising productivity.

Employee Pressure May Compromise Productivity

Employees are stressed about limitations on the type of device they can use, controlled access to data they can work on, incurring added charges on Wi-Fi outside the workplace, and privacy issues. In a recent survey conducted by Information Solutions Group for Syntonic, a company that offers mobile content solutions, 50% of employees revealed that restrictions on their smart devices reduce productivity.

Workers want to use devices they are comfortable with, and these are often their personal devices. Using familiar devices helps workers improve their satisfaction levels, leading to greater productivity. For instance, Cisco noted a 33% increase in employee satisfaction when the company allowed its employees to use their personal smartphones and iPads.

However, employees who experience limitations on the type of device they want to use and controlled access to the corporate network are prevented from efficiently executing their tasks.

Reimbursement is another touchy issue on which employers and employees often have different views. When employees use their own devices, they naturally pay for them, including the Wi-Fi plans, at their personal expense. While a few states have incorporated BYOD reimbursement in their labor laws, it doesn’t seem to be the norm.

Privacy is yet another concern for employees. They don’t like having their favorite apps blocked or invaded by intrusive mobile device management (MDM) systems.

The Burden of Securing Data, Applications, and Devices Is on the Employer

The 2016 Spotlight Report on BYOD and mobile security presented by Information Security Community on LinkedIn found that a major concern of employers related to BYOD is security. The report summarizes the security concerns as follows:

72% – Data leakage/loss

56% – Unauthorized access to company data and systems

54% – Downloading of unsafe apps or content

52% – Malware

50% – Lost or stolen devices

49% – Vulnerability exploitation

48% – Lack of control on endpoint security

39% – Infrequent software updates

38% – Compliance

Clearly, the findings show that there is no shortage of mobile threats that can be ruinous to business. The uncontrolled use of devices could expose a company to any of the risks listed above and lead to loss of customers, loss of sales, and costly legal and financial fines, among other consequences.

Striking a Balance Between Corporate Interests and Employee Needs

It is time for employers to review, revise, or craft a definitive BYOD strategy that satisfies both corporate interests and employee needs.

Rob Tiffany, a mobile strategist at Microsoft, recommends that employers let employees know what devices and operating systems meet the requirements of their BYOD policies. BYOD doesn’t mean workers can use any device they want. It should be made clear to them that the devices they use must be compliant with the company’s network and security requirements.

A secure BYOD policy underscores the importance of managing sensitive data throughout its entire lifecycle — from creation to transfer to storage to removal. Password protection, remote wipe, data and device encryption, and data removal at device disposal or employee separation are basic risk control measures for securing mobile devices.

An MDM system is an additional line of defense for mitigating mobile security risks. However, user privacy becomes an issue if no mechanism is put in place for separating personal from corporate content. The policy should, thus, describe privacy protections and exceptions, apps that are allowed or banned, and specific user activities that are prohibited.

An alternative to restrictive MDM systems is the use of a virtual infrastructure where all data is stored on a third-party server. Nothing is left on the devices after users end the sessions and log out from the system.

The BYOD policy should also address financial concerns. It should outline who pays for devices, carrier plans, Wi-Fi charges, roaming costs, and other related expenses.

BYOD is not a simple IT initiative. It requires the analysis of key factors related to security policies, delivery models, and support structure to define a successful BYOD strategy. If you’re looking to implement your own BYOD program, contact us at Copper State Communications for a no-commitment consultation.